Chat now with support
Chat with Support

Safeguard Authentication Services 6.0 LTS - Ansible Guide

From GitHub

For the examples in this section please see ansible-Safeguard Authentication Services releases page to find the latest collection build artifact (*.tar.gz file) and use the URL to this file in place of the URL's shown below. The collection build artifact is under the 'Assets' section for each release (right click on the *.tar.gz file and select 'Copy link address' to copy URL).

To install from GitHub you can use the ansible-galaxy command to install the collection on your control node. See Ansible documentation for futher information.

Using ansible-galaxy command:

ansible-galaxy collection install https://github.com/OneIdentity/ansible-authentication-services/releases/download/v0.0.8/oneidentity-authentication_services-0.0.8.tar.gz

The collection can also be added to a project's requirements.yml file

---
collections:
- name: https://github.com/OneIdentity/ansible-authentication-services/releases/download/v0.0.8/oneidentity-authentication_services-0.0.8.tar.gz

and installed using the ansible-galaxy command. This method allows all required collections for a project to be specified in one place and installed with one command.

ansible-galaxy collection install -r requirements.yml

When used with Ansible Tower and Ansible AWX the collections in the project's requirements.yml file are automatically installed each time a project is run and there is no need to use the ansible-galaxy command.

Local build and install

For local build and installation, you can clone the Git repository, build the collection artifact, and install the locally built collection artifact. This would be useful for those wishing to extend or customize the collection.

  1. Clone the Git repository:

    git clone https://github.com/OneIdentity/ansible-authentication-services.git
  2. Run a local build inside the collection using the ansible-galaxy command in the root directory of the cloned repository:

    cd ansible-authentication-services
    ansible-galaxy collection build

    The build command will generate an Ansible Galaxy collection artifact with a tar.gz file extension, sample output will look like the following:

    Created collection for oneidentity.authentication_services at /home/user/ansible-authentication-services/oneidentity-authentication_services-0.0.8.tar.gz
    The path shown above is just an example, the path to your build artifact will be in the root directory of the cloned repository.
  3. Install the locally-built collection artifact using the ansible-galaxy command to install the collection on your control node. See Ansible documentation for further information.

    Using ansible-galaxy command:

    ansible-galaxy collection install /home/user/ansible-authentication-services/oneidentity-authentication_services-0.0.8.tar.gz

    The collection can also be added to a project's requirements.yml file

    ---
    collections:
    - name: /home/user/ansible-authentication-services/oneidentity-authentication_services-0.0.8.tar.gz

    and installed using the ansible-galaxy command. This method allows all required collections for a project to be specified in one place and installed with one command.

    ansible-galaxy collection install -r requirements.yml

    When used with Ansible Tower and Ansible AWX the collections in the project's requirements.yml file are automatically installed each time a project is run and there is no need to use the ansible-galaxy command.

Privilege Manager Ansible Collection

The One Identity Safeguard Authentication Services Ansible Collection, referred to as ansible-privilege-manager, consists of roles, modules, plugins, report templates, and sample playbooks to automate software deployment, configuration, policy server joining, and report generation for Safeguard Authentication Services.

Collection contents

The tables below show the former MCU functions and their Ansible equivalents as well as new Ansible functions with no former MCU equivalents:

Actions in MCU Equivalent in Ansible Description

Check readiness

client_preflight role

Check client readiness for software install and AD join.

Install on a host

client_sw role Client software install, upgrade, downgrade, uninstall, and version checking.
Setting custom configuration settings client_config role Client configuration.

Join client to AD

Unjoin client from AD

client_join role Client AD joining/unjoining.
Host Access Control host_access_control role Show the content of users.allow and users.deny files.
Check QAS agent status client_agent_status role Checks the health status of client agents.
Reports in MCU Equivalent in Ansible

Description

 
AD User Conflicts ad_user_conflicts role

User Reports

 

Local Unix Users

local_unix_users role

User Reports

 
Unix-enabled AD Users unix_enabled_ad_users role

User Reports

 
Local Unix Users With AD Logon local_unix_users_with_ad_logon role

User Reports

 
Local Unix User Conflicts local_unix_user_conflicts role

User Reports

 

Local Unix Groups

local_unix_groups role

Group Reports

 
Unix-enabled AD Groups unix_enabled_ad_groups role

Group Reports

 
AD Group Conflicts ad_group_conflicts role

Group Reports

 
Unix Computers in AD unix_computers_in_ad role

Host Reports

 
Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating